August 17, 2017 Kayla Thrailkill
Locky Ransomware is Back
Locky, a ransomware variant that was once upon a time one of the most popular types of ransomware, is back. This return is not surprising. Cyber criminals would rather make slight alterations to existing malware and reuse it, then have to create it from scratch. By making even the simplest changes, a known threat can become an unknown file. This is exactly what the hackers want, and here’s why.
Most security programs utilize a blacklist as their primary method of malware detection. A blacklist is a list of all known threats. If an unknown file tries to execute on a computer with a security program that uses a blacklist — it will run. Why? Because it is not a known threat. See the issue?
How They’re Getting You…
The latest version of Locky is being distributed through a malicious email campaign. The emails are meant to entice the user to download a particular file. This could be a .pdf, .docx, or .jpg, just to name a few. Whichever file type the user downloads, the ransomware is then triggered to encrypt all of the user’s files of that same type. Therefore, if they download a .docx attachment, all of the .docx files on the PC will then be encrypted and held for ransom.
Too bad there’s not a way to stop this. Wait, there is. MSPMentor reports,
“Experts recommend adopting a “default deny” security posture, which calls for blocking all unknown files from an IT infrastructure until they’re verified as safe.”
Sound familiar? Application whitelisting, or a “default deny” approach, is the only way to fully protect data and end-points from these emerging threats. PC Matic, PC Matic Pro, and PC Matic MSP use a globally, automated whitelist as their primary method of malware detection. Trying to keep up with today’s consistently changing threat landscape is impossible. However, knowing what programs are safe and secure, is far more manageable.